Skip navigation
All Places > Products > RSA Identity Governance & Lifecycle > Blog > 2016 > August

Ever since provisioning nodes were released in version 6.8.1, I've had a love/hate relationship with them.  On the one hand, they allow you to execute pretty much any sort of provisioning in your workflow (at the risk of turning workflow into a scripting language).

However, up until relatively recently, they've been very bad at reporting their status.  Did that command execute properly?  Did your account get setup the way you want?  Do we need to let support know that a person may not have the proper configuration? I don't know!


Well- good news- because as of 6.9.1 patch 6- there is now a way to do this right within workflow!  Let's walk through it quickly.


First, as of 6.9.1 patch 6, you'll notice a new checkbox on the provisioning command node.  This will force the node to wait for a response from AFX, and store that response in workflow variables.

After the command executes, there are now 2 new workflow variables available to you.



     -0 = Success

     -1 = Failure




     Contains the text failure message from AFX.


What's not immediately clear is how to actually use these variables... they don't show up in the UI anywhere.  Here's how:


${jobUserData_acm.provisioningCommandStatusCode} and



I've found that the decision node can't use these directly- so I created job level variables like so:

(this can be done by right clicking on any blank space on the workflow job, and selecting "properties" from the context menu).

I then set this value equal to ${jobUserData_acm.provisioningCommandStatusCode} using a set variable node.

and finally I use a decision node to branch differently based upon the result (can send email, etc).


I hope this helps you create more robust workflows!


Paul Douglas

Build your org chart

Posted by Paul Douglas Employee Jul 31, 2016

As a small flight of fancy, I thought that I would piece together an organisation chart using the information collected directly from Identity Governance and Lifecycle.

The reason I wanted to use the information G&L gathered instead of the direct HR source, is that it allows for contractors etc. not located in HR to be included.


I'll do my best to explain this process, but depending on the versions of Windows and Office installed, your experience may vary.

My environment is as follows:

Operating System: Windows 7 x64

Visio Version: Visio 2013 x32


For this exercise, you'll first need to setup an ODBC data source in Windows.

As I have a 32 bit Office installation, the 32 bit Oracle InstantClient Basic and ODBC versions were needed. These can be obtained from Oracle's website.


With these packages installed, you'll need to modify Windows' Path variable to include the InstantClient folder and add a new System Variable ORACLE_HOME that also points to the InstantClient folder.

My installation location was C:\Program Files\Oracle\instantclient_12_1_32bit

Next step is to create a tnsnames.ora file.

You'll need to create this file within a network\admin folder in your InstantClient folder. For me this was C:\Program Files\Oracle\instantclient_12_1_32bit\network\admin

The contents of my tnsnames.ora file are below:




     (address = (protocol = TCP)(host = = 1555))


(connect_data =





Now that Oracle InstantClient is installed and all dependencies set, it's time to create the ODBC data source.

On a Windows x64 OS, using the normal ODBC data source creation won't work for the x32 InstantClient version.

Running C:\Windows\SysWoW64\odbcad32.exe opens the 32 bit version.

Click Add

Choose the InstantClient and click Finish

You'll then get the configuration prompt

You should see the service name configured in the tnsnames.ora file. I strongly suggest making the connection Read-Only to avoid any damage being done to the database.

Click Test Connection, and you'll be prompted for the username and password to the database.


If you've got this far, you can now do the easy part of creating your Visio org chart. The ODBC connection you've just setup can be used by any other application that utilises ODBC i.e. Archer, Excel etc.


Open Visio and choose to create an Organisation Chart

Choose Information that's already stored in a file or database

Choose An ODBC-compliant data source

Select the ODBC source that you created in the beginning

Enter the username and password


I've used the following configuration

After a little bit of waiting for the information to build and process

You'll now have an org chart

I have used colouring of users by department value using Data Graphics


I hope this is of value to you, and it's a great exercise to go through to further use the information you've spent so much time gathering and validating.

Have fun!


Filter Blog

By date: By tag: